BEFSX41 & TheGreenBow VPN Problems

I'm having some problems getting my VPN working with GreenBow and a BEFSX41. The network is simple. I've got a WRT54G connected to the BEFSX41 (which also has 2 PCs attached), which is connected to the cable modem. One of the PCs is my roommate's, and the other one is my file server. My main computer is my laptop, and I want to be able to access my server from anywhere that I have internet. Now, one thing I'm kind of curious about is, would I be able to tunnel to the router while I'm using my access point inside of the VPN?

At the phase 2 config:
- your VPN Client Address should not be of one of your intranet-addresses because of routing problems
- your Remote LAN Address is 192.168.2.1 with submask 255.255.255.0; this doesn't point at one or more subnet(s)!
e.g.: I have 2 subnets behind the router (BEFSX41)
a) 192.168.1.0 (the last 0 means the whole net)
b) 192.168.2.0
In order to reach both nets I have to put in 192.168.0.0 with the submask 255.255.0.0 (or 255.255.128.0)

>>> - your VPN Client Address should not be of one of your
>>> intranet-addresses because of routing problems

The statement above is incorrect. After the tunnel is brought up on the PC that's using the TheGreenBow VPN client software, you'll want to be able to talk to the other computers on the remote subnet (192.168.2.0/24). The way this is made possible is to assign an address on the same subnet. When the VPN Tunnel is up, your client should route all packets for the 192.168.2.0 subnet over the Tunnel. Unfortunately Windows does not show TheGreenBow routes in its routing table (netstat -rn), so it's hard to tell if it's working. However, once your tunnel is up you should be able to PING the BEFSX41 LAN interface 192.168.2.1.

I actually have almost the EXACT same setup configured. The only difference I have is that I set the Phase 1 & Phase 2 Default Lifetime on the TheGreenBow client to 3600 secs. Then set the same on the BEFSX41.

My Tunnel comes up. I can ping the BEFSX41 LAN Network address (192.168.2.1) when the Tunnel is up. I can even manage the BEFSX41 through the tunnel using http://192.168.2.1. My problem is connecting to OTHER hosts on the network. I have a PC with 192.168.2.4 and when I try to ping that address, I get no response. So I installed Ethereal on that computer in an attempt to figure out what's going on. Ethereal shows that when I ping from the PC using TheGreenBow VPN Client and the Tunnel is up, the ICMP requests do reach 192.168.2.4. That PC then ARPs back out for the VPN client at 192.168.1.100, but the ARP request does not make it back over the Tunnel to the VPN client. This makes me think that there is a problem with NAT-T translation on the BEFSX41.

I have a question for crisrico:

Did you ever get this working???

Does anyone know how to make sure NAT-T is enabled and running on the BEFSX41?

The thread below suggests that the username and FQDN must be filled in the advanced field? Is this true? Where?
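
Added example, not written by any poster in this thread: Python code using the standard `ipaddress` module to check which subnets a Phase 2 Remote LAN address/mask pair covers (the subnet discussion above) and whether a LAN host answers the VPN client by ARPing for it directly or by handing the reply to its gateway (the Ethereal observation above). The function names and the two masks tried for 192.168.2.4 are assumptions; the thread does not state that PC's netmask.

```python
import ipaddress

def covers(remote_lan, mask, subnets):
    """Map each subnet to True/False: does the Remote LAN range include it?"""
    # strict=False lets a host address such as 192.168.2.1 stand for its network
    scope = ipaddress.ip_network(f"{remote_lan}/{mask}", strict=False)
    return {s: ipaddress.ip_network(s).subnet_of(scope) for s in subnets}

def client_inside(client_ip, remote_lan, mask):
    """True if the VPN Client Address falls inside the Remote LAN range."""
    scope = ipaddress.ip_network(f"{remote_lan}/{mask}", strict=False)
    return ipaddress.ip_address(client_ip) in scope

def reply_path(host_ip, host_mask, peer_ip):
    """Ordinary IPv4 forwarding on a LAN host: a peer inside the host's own
    subnet is resolved with ARP, anything else goes to the default gateway."""
    lan = ipaddress.ip_interface(f"{host_ip}/{host_mask}").network
    return "arp-direct" if ipaddress.ip_address(peer_ip) in lan else "via-gateway"

if __name__ == "__main__":
    nets = ["192.168.1.0/24", "192.168.2.0/24"]   # the two subnets named above
    for lan, mask in [("192.168.2.1", "255.255.255.0"),
                      ("192.168.0.0", "255.255.0.0"),
                      ("192.168.0.0", "255.255.128.0")]:
        print(lan, mask, covers(lan, mask, nets))

    # VPN client address from the Ethereal post, against the /24 Remote LAN
    print("client inside remote LAN:",
          client_inside("192.168.1.100", "192.168.2.1", "255.255.255.0"))

    # Host masks are assumed values, tried one after the other
    for mask in ("255.255.255.0", "255.255.0.0"):
        print("192.168.2.4 mask", mask, "->",
              reply_path("192.168.2.4", mask, "192.168.1.100"))
```

A host that ARPs for 192.168.1.100 is treating that address as on-link, so the netmask and default gateway configured on 192.168.2.4 are worth checking alongside the router's NAT-T settings.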